
Test your computer forensics-knowledge

Project Honeynet has challenged you to make sense of an, at first sight, meaningless bunch of UDP packets.

The Challenge:
On the evening of Feb 15th, three different members of the Honeynet Research Alliance received a flurry of strange UDP packets, that at first look seemed to have no apparent purpose. This month's Scan of the Month challenge is to understand the purpose of these packets (...)

UDP is a protocol used in the TCP/IP family. TCP uses a three-way handshake between clients to ensure each datagram reaches its destination correctly. UDP does not have a similar handshake. This results in a less reliable connection, but since there's less overhead it's considerably faster. FTP (File Transfer Protocol), for example, uses TCP. TFTP (Trivial File Transfer Protocol) uses UDP.

I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

Has anyone worked on this much? I've looked at it quite a bit, but I must just be dumb when it comes to UDP. Could anyone give me a pointer in the right direction? I don't want the answer, just a hint if that's possible.

Well, since the actual dates of this passed last month, I'd simply say I'd rely upon the info of those that looked at the logs and I am not in the project but if one takes that info and posts then tosses into that factor building a profile of events in total. This need to boast then the answer to the UDP's lay in the hint.

I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure. - Glenn Seaborg